The leaked code could provide clues to vulnerabilities that could be used to compromise, jailbreak, and decrypt iOS devices.

Image: CNET

Someone has published the purported source code for the iOS bootloader, iBoot, potentially opening the door for hackers and jailbreakers to find vulnerabilities in Apple’s mobile OS.

Motherboard reports that the iBoot source code for iOS 9 was leaked on GitHub and, although it is an older version of iOS, parts of it probably remain in the current iOS 11.

iBoot is a core part of iOS’s secure boot chain, a highly sensitive process that happens when an iOS device is switched on.

The secure boot chain ensures the lowest levels of software in the OS haven’t been tampered with and only loads software signed by Apple, according to Apple’s iOS security whitepaper.

Because of the sensitivity of the component, Apple offers its highest $200,000 reward in its iOS bug bounty scheme to researchers who find vulnerabilities in secure boot firmware.

Jonathan Levin, an author of several books on iOS and OS X development, told the publication the iBoot source code appears to be real as it matched code he’d reverse-engineered.

Levin said it was a “huge deal” for Apple as it would give researchers clues to find vulnerabilities that could be used to compromise, jailbreak and decrypt iOS devices.

It’s not known who leaked the source code on GitHub but it first appeared four months ago via a link on Reddit posted by a user called ‘apple_internals’. However, that leak — which was hosted on Mega and is no longer available — went largely unnoticed.

While Apple has open-sourced parts of iOS, Levins noted that it has continued to closely guard iBoot’s 64-bit image.

In a section explaining the reasons for the takedown and content type, the law firm says the notice covers “reproduction of Apple’s iBoot source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software. The iBoot source code is proprietary and it includes Apple’s copyright notice. It is not open source.”